CVE-2024-28741

HIGH

NorthStar C2 XSS to Agent RCE

Title source: metasploit

Description

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.

Exploits (2)

nomisec WORKING POC 5 stars
by chebuya · poc
https://github.com/chebuya/CVE-2024-28741-northstar-agent-rce-poc
metasploit WORKING POC EXCELLENT
by h00die, chebuya · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/northstar_c2_xss_to_agent_rce.rb

References (3)

Scores

CVSS v3 8.8
EPSS 0.8799
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-79
Status published
Published Apr 06, 2024
Tracked Since Feb 18, 2026